Args:
google_apps_domain: str (optional) If the user should be signing in
using an account under a known Google Apps domain, provide the
domain name ('example.com') here. If not provided, 'default'
will be used, and the user will be prompted to select an account
if they are signed in with a Google Account and Google Apps
accounts.
language: str (optional) An ISO 639 country code identifying what
language the approval page should be translated in (for example,
'en' for English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

Args:
google_apps_domain: str (optional) If the user should be signing in
using an account under a known Google Apps domain, provide the
domain name ('example.com') here. If not provided, 'default'
will be used, and the user will be prompted to select an account
if they are signed in with a Google Account and Google Apps
accounts.
language: str (optional) An ISO 639 country code identifying what
language the approval page should be translated in (for example,
'en' for English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

Args:
google_apps_domain: str (optional) If the user should be signing in
using an account under a known Google Apps domain, provide the
domain name ('example.com') here. If not provided, 'default'
will be used, and the user will be prompted to select an account
if they are signed in with a Google Account and Google Apps
accounts.
language: str (optional) An ISO 639 country code identifying what
language the approval page should be translated in (for example,
'en' for English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

Calculates a digital signature using the private RSA key, a timestamp
(uses now at the time this method is called) and a random nonce.

Args:
http_request: The atom.http_core.HttpRequest which contains all of the
information needed to send a request to the remote server. The
URL and the method of the request must be already set and cannot be
changed after this token signs the request, or the signature will
not be valid.

Args:
str_or_uri: The current page's URL (as a str or atom.http_core.Uri)
which should contain a token query parameter since the Google auth
server redirected the user's browser to this URL.
rsa_private_key: str the private RSA key cert used to sign all requests
made with this token.

Args:
str_or_uri: The current page's URL (as a str or atom.http_core.Uri)
which should contain a token query parameter since the Google auth
server redirected the user's browser to this URL.
rsa_private_key: str the private RSA key cert used to sign all requests
made with this token.

Calculates an HMAC signature using the information in the token to
indicate that the request came from this application and that this
application has permission to access a particular user's data using 2LO.

Args:
google_apps_domain: str (optional) If the user should be signing in
using an account under a known Google Apps domain, provide the
domain name ('example.com') here. If not provided, 'default'
will be used, and the user will be prompted to select an account
if they are signed in with a Google Account and Google Apps
accounts.
language: str (optional) An ISO 639 country code identifying what
language the approval page should be translated in (for example,
'en' for English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

Args:
google_apps_domain: str (optional) If the user should be signing in
using an account under a known Google Apps domain, provide the
domain name ('example.com') here. If not provided, 'default'
will be used, and the user will be prompted to select an account
if they are signed in with a Google Account and Google Apps
accounts.
language: str (optional) An ISO 639 country code identifying what
language the approval page should be translated in (for example,
'en' for English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

Calculates an RSA signature using the information in the token to
indicate that the request came from this application and that this
application has permission to access a particular user's data using 2LO.

Args:
google_apps_domain: str (optional) If the user should be signing in
using an account under a known Google Apps domain, provide the
domain name ('example.com') here. If not provided, 'default'
will be used, and the user will be prompted to select an account
if they are signed in with a Google Account and Google Apps
accounts.
language: str (optional) An ISO 639 country code identifying what
language the approval page should be translated in (for example,
'en' for English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

Args:
google_apps_domain: str (optional) If the user should be signing in
using an account under a known Google Apps domain, provide the
domain name ('example.com') here. If not provided, 'default'
will be used, and the user will be prompted to select an account
if they are signed in with a Google Account and Google Apps
accounts.
language: str (optional) An ISO 639 country code identifying what
language the approval page should be translated in (for example,
'en' for English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

This is a convenience method for using the library with App Engine.
Recommended usage is to associate the auth token with the current_user.
If a user is signed in to the app using the App Engine users API, you
can use
gdata.gauth.ae_save(some_token, users.get_current_user().user_id())
If you are not using the Users API you are free to choose whatever
string you would like for a token_string.

After the Google Accounts AuthSub pages redirect the user's broswer back to
the web application (using the 'next' URL from the request) the web app must
extract the token from the current page's URL. The token is provided as a
URL parameter named 'token' and if generate_auth_sub_url was used to create
the request, the token's valid scopes are included in a URL parameter whose
name is specified in scopes_param_prefix.

Args:
url: atom.url.Url or str representing the current URL. The token value
and valid scopes should be included as URL parameters.
scopes_param_prefix: str (optional) The URL parameter key which maps to
the list of valid scopes for the token.

Returns:
A tuple containing the token value as a string, and a tuple of scopes
(as atom.http_core.Uri objects) which are URL prefixes under which this
token grants permission to read and write user data.
(token_string, (scope_uri, scope_uri, scope_uri, ...))
If no scopes were included in the URL, the second value in the tuple is
None. If there was no token param in the url, the tuple returned is
(None, None)

Adds information to request token to allow it to become an access token.

Modifies the request_token object passed in by setting and unsetting the
necessary fields to allow this token to form a valid upgrade request.

Args:
request_token: The OAuth request token which has been authorized by the
user. In order for this token to be upgraded to an access token,
certain fields must be extracted from the URL and added to the token
so that they can be passed in an upgrade-token request.
url: The URL of the current page which the user's browser was redirected
to after they authorized access for the app. This function extracts
information from the URL which is needed to upgraded the token from
a request token to an access token.

Args:
service_names: list of strings (optional) Each name must be a key in the
AUTH_SCOPES dictionary. If no list is provided (None) then
the resulting list will contain all scope URLs in the
AUTH_SCOPES dict.

Returns:
A list of URL strings which are the scopes needed to access these services
when requesting a token using AuthSub or OAuth.

Returns the URL and token for a CAPTCHA challenge issued by the server.

Args:
http_body: str The body of the HTTP response from the server which
contains the CAPTCHA challenge.
captcha_base_url: str This function returns a full URL for viewing the
challenge image which is built from the server's response. This
base_url is used as the beginning of the URL because the server
only provides the end of the URL. For example the server provides
'Captcha?ctoken=Hi...N' and the URL for the image is
'http://www.google.com/accounts/Captcha?ctoken=Hi...N'

Returns:
A dictionary containing the information needed to repond to the CAPTCHA
challenge, the image URL and the ID token of the challenge. The
dictionary is in the form:
{'token': string identifying the CAPTCHA image,
'url': string containing the URL of the image}
Returns None if there was no CAPTCHA challenge in the response.

Returns:
A string represenging this token. The string can be converted back into
an equivalent token object using token_from_blob. Note that any members
which are set to '' will be set to None when the token is deserialized
by token_from_blob.

Extracts access token information from response to an upgrade request.

Once the server has responded with the new token info for the OAuth
access token, this method modifies the request_token to set and unset
necessary fields to create valid OAuth authorization headers for requests.

Args:
request_token: An OAuth token which this function modifies to allow it
to be used as an access token.
server_response_body: str The server's response to an OAuthAuthorizeToken
request. This should contain the new token and token_secret which
are used to generate the signature and parameters of the Authorization
header in subsequent requests to Google Data APIs.

This is a convenience method for using the library with App Engine.
Recommended usage is to associate the auth token with the current_user.
If a user is signed in to the app using the App Engine users API, you
can use
gdata.gauth.ae_save(some_token, users.get_current_user().user_id())
If you are not using the Users API you are free to choose whatever
string you would like for a token_string.

After the Google Accounts AuthSub pages redirect the user's broswer back to
the web application (using the 'next' URL from the request) the web app must
extract the token from the current page's URL. The token is provided as a
URL parameter named 'token' and if generate_auth_sub_url was used to create
the request, the token's valid scopes are included in a URL parameter whose
name is specified in scopes_param_prefix.

Args:
url: atom.url.Url or str representing the current URL. The token value
and valid scopes should be included as URL parameters.
scopes_param_prefix: str (optional) The URL parameter key which maps to
the list of valid scopes for the token.

Returns:
A tuple containing the token value as a string, and a tuple of scopes
(as atom.http_core.Uri objects) which are URL prefixes under which this
token grants permission to read and write user data.
(token_string, (scope_uri, scope_uri, scope_uri, ...))
If no scopes were included in the URL, the second value in the tuple is
None. If there was no token param in the url, the tuple returned is
(None, None)

Adds information to request token to allow it to become an access token.

Modifies the request_token object passed in by setting and unsetting the
necessary fields to allow this token to form a valid upgrade request.

Args:
request_token: The OAuth request token which has been authorized by the
user. In order for this token to be upgraded to an access token,
certain fields must be extracted from the URL and added to the token
so that they can be passed in an upgrade-token request.
url: The URL of the current page which the user's browser was redirected
to after they authorized access for the app. This function extracts
information from the URL which is needed to upgraded the token from
a request token to an access token.

Args:
http_request: The request being made to the server. The Request's URL
must be complete before this signature is calculated as any changes
to the URL will invalidate the signature.
nonce: str Random 64-bit, unsigned number encoded as an ASCII string in
decimal format. The nonce/timestamp pair should always be unique to
prevent replay attacks.
timestamp: Integer representing the time the request is sent. The
timestamp should be expressed in number of seconds after January 1,
1970 00:00:00 GMT.

Args:
http_request: The request being made to the server. The Request's URL
must be complete before this signature is calculated as any changes
to the URL will invalidate the signature.
consumer_key: Domain identifying the third-party web application. This is
the domain used when registering the application with Google. It
identifies who is making the request on behalf of the user.
nonce: Random 64-bit, unsigned number encoded as an ASCII string in decimal
format. The nonce/timestamp pair should always be unique to prevent
replay attacks.
signaure_type: either RSA_SHA1 or HMAC_SHA1
timestamp: Integer representing the time the request is sent. The
timestamp should be expressed in number of seconds after January 1,
1970 00:00:00 GMT.
version: The OAuth version used by the requesting web application. This
value must be '1.0' or '1.0a'. If not provided, Google assumes version
1.0 is in use.
next: The URL the user should be redirected to after granting access
to a Google service(s). It can include url-encoded query parameters.
The default value is 'oob'. (This is the oauth_callback.)
token: The string for the OAuth request token or OAuth access token.
verifier: str Sent as the oauth_verifier and required when upgrading a
request token to an access token.

Args:
service_names: list of strings (optional) Each name must be a key in the
AUTH_SCOPES dictionary. If no list is provided (None) then
the resulting list will contain all scope URLs in the
AUTH_SCOPES dict.

Returns:
A list of URL strings which are the scopes needed to access these services
when requesting a token using AuthSub or OAuth.

Args:
consumer_key: Identifies the application making the request (str).
timestamp:
nonce:
signature_type: One of either HMAC_SHA1 or RSA_SHA1
signature: The HMAC or RSA signature for the request as a base64
encoded string.
version: The version of the OAuth protocol that this request is using.
Default is '1.0'
next: The URL of the page that the user's browser should be sent to
after they authorize the token. (Optional)
token: str The OAuth token value to be used in the oauth_token parameter
of the header.
verifier: str The OAuth verifier which must be included when you are
upgrading a request token to an access token.

The generated token will contain a URL parameter to pass along the
requested scopes to the next URL. When the Google Accounts page
redirects the broswser to the 'next' URL, it appends the single use
AuthSub token value to the URL as a URL parameter with the key 'token'.
However, the information about which scopes were requested is not
included by Google Accounts. This method adds the scopes to the next
URL before making the request so that the redirect will be sent to
a page, and both the token value and the list of scopes for which the token
was requested.

Args:
next: atom.http_core.Uri or string The URL user will be sent to after
authorizing this web application to access their data.
scopes: list containint strings or atom.http_core.Uri objects. The URLs
of the services to be accessed. Could also be a single string
or single atom.http_core.Uri for requesting just one scope.
secure: boolean (optional) Determines whether or not the issued token
is a secure token.
session: boolean (optional) Determines whether or not the issued token
can be upgraded to a session token.
request_url: atom.http_core.Uri or str The beginning of the request URL.
This is normally
'http://www.google.com/accounts/AuthSubRequest' or
'/accounts/AuthSubRequest'
domain: The domain which the account is part of. This is used for Google
Apps accounts, the default value is 'default' which means that
the requested account is a Google Account (@gmail.com for
example)
scopes_param_prefix: str (optional) The requested scopes are added as a
URL parameter to the next URL so that the page at
the 'next' URL can extract the token value and the
valid scopes from the URL. The key for the URL
parameter defaults to 'auth_sub_scopes'

Returns:
An atom.http_core.Uri which the user's browser should be directed to in
order to authorize this application to access their information.

Args:
token: str The request token from the OAuth server.
next: str (optional) URL the user should be redirected to after granting
access to a Google service(s). It can include url-encoded query
parameters.
hd: str (optional) Identifies a particular hosted domain account to be
accessed (for example, 'mycollege.edu'). Uses 'default' to specify a
regular Google account ('username@gmail.com').
hl: str (optional) An ISO 639 country code identifying what language the
approval page should be translated in (for example, 'hl=en' for
English). The default is the user's selected language.
btmpl: str (optional) Forces a mobile version of the approval page. The
only accepted value is 'mobile'.
auth_server: str (optional) The start of the token authorization web
page. Defaults to
'https://www.google.com/accounts/OAuthAuthorizeToken'

Returns:
An atom.http_core.Uri pointing to the token authorization page where the
user may allow or deny this app to access their Google data.

Args:
request_token: An OAuthHmacToken or OAuthRsaToken which the user has
approved using their browser.
auth_server_url: (optional) The URL at which the OAuth access token is
requested. Defaults to
https://www.google.com/accounts/OAuthGetAccessToken

Returns:
A new HttpRequest object which can be sent to the OAuth server to
request an OAuth Access Token.

Creates request to be sent to auth server to get an OAuth request token.

Args:
consumer_key:
signature_type: either RSA_SHA1 or HMAC_SHA1. The rsa_key must be
provided if the signature type is RSA but if the signature method
is HMAC, the consumer_secret must be used.
scopes: List of URL prefixes for the data which we want to access. For
example, to request access to the user's Blogger and Google Calendar
data, we would request
['http://www.blogger.com/feeds/',
'https://www.google.com/calendar/feeds/',
'http://www.google.com/calendar/feeds/']
rsa_key: Only used if the signature method is RSA_SHA1.
consumer_secret: Only used if the signature method is HMAC_SHA1.
auth_server_url: The URL to which the token request should be directed.
Defaults to 'https://www.google.com/accounts/OAuthGetRequestToken'.
next: The URL of the page that the user's browser should be sent to
after they authorize the token. (Optional)
version: The OAuth version used by the requesting web application.
Defaults to '1.0a'

Returns:
An atom.http_core.HttpRequest object with the URL, Authorization header
and body filled in.

Returns the URL and token for a CAPTCHA challenge issued by the server.

Args:
http_body: str The body of the HTTP response from the server which
contains the CAPTCHA challenge.
captcha_base_url: str This function returns a full URL for viewing the
challenge image which is built from the server's response. This
base_url is used as the beginning of the URL because the server
only provides the end of the URL. For example the server provides
'Captcha?ctoken=Hi...N' and the URL for the image is
'http://www.google.com/accounts/Captcha?ctoken=Hi...N'

Returns:
A dictionary containing the information needed to repond to the CAPTCHA
challenge, the image URL and the ID token of the challenge. The
dictionary is in the form:
{'token': string identifying the CAPTCHA image,
'url': string containing the URL of the image}
Returns None if there was no CAPTCHA challenge in the response.

Returns:
A string represenging this token. The string can be converted back into
an equivalent token object using token_from_blob. Note that any members
which are set to '' will be set to None when the token is deserialized
by token_from_blob.

Extracts access token information from response to an upgrade request.

Once the server has responded with the new token info for the OAuth
access token, this method modifies the request_token to set and unset
necessary fields to create valid OAuth authorization headers for requests.

Args:
request_token: An OAuth token which this function modifies to allow it
to be used as an access token.
server_response_body: str The server's response to an OAuthAuthorizeToken
request. This should contain the new token and token_secret which
are used to generate the signature and parameters of the Authorization
header in subsequent requests to Google Data APIs.